Claims

1. A method for providing authentication for setting up secure connections
between a plurality of network nodes comprising at least the steps of 

- placing a collection of accepted certificates comprising at least one accepted 
certificate available for other nodes by said first node, 

- importing said collection by at least one other node than said first node, 

- setting up of at least one secure connection by at least one of said at least one 
other node to a destination node whose certificate was imported as a part of said 
collection, and automatically accepting the authenticity of said destination node. 

2. A method according to claim 1 further comprising at least the steps of

- automatically obtaining a certificate of a second node by a first node, 

- displaying at least an identification string of said certificate to the user of said
first node,

- receiving an indication of acceptance or rejection of trust regarding said 
certificate from said user, and in the case of receiving an indication of acceptance, 
storing at least an indication of the acceptance and said certificate, and 

- setting up a secure connection from said first node to said second node.

3. A method according to claim 1 further comprising at least the step of
digitally signing said collection by said first node.

4. A method according to claim 1 further comprising at least the steps of
encryption of said collection by said first node.

5. A method according to claim 1 further comprising at least the step of
saving certificate use policy information in said collection by said first node.

6. A method according to claim 1 further comprising at least the step of 
digitally signing each certificate in said collection by said first node. 

7. A method in a network node for setting up secure connections between
the node and other network nodes comprising at least the steps of

- automatically obtaining a certificate of a second node by the network node,

- displaying at least an identification string of said certificate to the user of the
network node,

- receiving an indication of acceptance or rejection of trust regarding said
certificate from said user, and in the case of receiving an indication of acceptance,
storing at least an indication of the acceptance and said certificate,

- setting up a secure connection from the network node to said second node, and

- placing a collection of accepted certificates comprising at least one accepted
certificate available for other nodes by the network node.

8. A method in a network node for setting up secure connections between
the node and other network nodes comprising at least the steps of

- importing a collection of accepted certificates from at least one other node,

- setting up of at least one secure connection to a destination node whose
certificate was imported as a part of said collection, and automatically accepting
the authenticity of said destination node.

9. A system in a network node for setting up secure connections between 
network nodes comprising at least 

- means for placing a collection of accepted certificates comprising at least one
accepted certificate available for other nodes,

- means for importing a collection of accepted certificates from another node,

- means for setting up of at least one secure connection to a destination node, and

- means for automatically accepting the authenticity of a destination node, if the
certificate of said destination node was previously imported by said means for
importing.

10. A computer program product for setting up secure connections between
network nodes comprising at least

- computer program code means for placing a collection of accepted certificates
comprising at least one accepted certificate available for other nodes,

- computer program code means for importing a collection of accepted certificates
from another node,

- computer program code means for setting up of at least one secure connection to
a destination node, and

- computer program code means for automatically accepting the authenticity of a
destination node, if the certificate of said destination node was previously
imported by said means for importing.

11. A computer program product according to claim 10 further comprising 
firewall functionality. 

12. A computer program product according to claim 10 wherein the computer
program product is an IPSec client program.

13. A computer program product according to claim 10, further comprising

- computer program code means for obtaining a certificate of a remote node, 

- computer program code means for displaying at least an identification string of
said certificate to the user of the computer program product,

- computer program code means for receiving an indication of acceptance or
rejection of trust regarding said certificate from said user, and

- computer program code means for storing at least an indication of the acceptance
and said certificate in the case of receiving an indication of acceptance.

14. A computer in a network having network nodes comprising at least

- computer program code means for placing a collection of accepted certificates
comprising at least one accepted certificate available for other nodes,

- computer program code means for importing a collection of accepted certificates
from another node,

- computer program code means for setting up of at least one secure connection to
a destination node, and

- computer program code means for automatically accepting the authenticity of a
destination node, if the certificate of said destination node was previously
imported by said means for importing.

15. A method for automatic configuration of a network node, wherein the 
method comprises at least the steps of 

- initiating a negotiation according to a security parameter negotiation protocol 
with a second network node, 

- sending a request for a certificate,

- receiving a certificate, 

- terminating said negotiation, and 

- determining a connection parameter value based at least in part on information 
received during said negotiation. 

16. A method according to claim 15 further comprising the step of
determining a parameter value based at least in part on information in said
received certificate.

17. A method according to claim 15 further comprising the step of
determining a parameter value based at least in part on manufacturer identification
information received from said second network node.

18. A method according to claim 15 further comprising the steps of

- determining if a packet has been modified during transit from said second node, 
and 

- determining a parameter value based on the result of said determining if a packet 
has been modified. 

19. A method according to claim 15 wherein said protocol is the IKE
protocol. 



